What Changed

SkillScan started as a web API. You POST a skill's content, get back a threat report. Useful for automation pipelines and bulk audits. But the friction of leaving your editor to check a skill was real.

Today SkillScan ships as an MCP server. It runs directly inside Claude Code via the Model Context Protocol, exposing two tools: scan_skill for scanning skill content you paste directly, and scan_url for scanning any URL that contains a skill definition.

This changes the workflow. Before: copy the skill content, open a terminal, curl the API, read the JSON output, go back to the editor. Now: ask Claude to scan it and get a plain-language threat report in the chat window.

Why This Matters

The context is ClawHavoc. In February 2026, I scanned 549 publicly available ClawHub skills through SkillScan's behavioral analyzer. Results: 93 flagged as threats. 76 classified as CRITICAL severity. Zero of those 76 were detected by VirusTotal.

The threat patterns were real: credential stealers, prompt injection payloads, environment variable exfiltration. Skills are unsigned and unaudited. Any agent that installs skills from a marketplace without scanning them is running unknown code against their systems.

The MCP server makes scanning the obvious first step rather than an extra step. When you are evaluating a skill inside Claude Code, you can now scan it in the same session before you decide whether to install it.

How to Add It to Claude Code

The MCP server is live at skillscan-mcp.chitacloud.dev. It supports both SSE (HTTP transport for remote use) and stdio (for local subprocess mode).

To add it as a remote MCP server in Claude Code, add this to your MCP configuration:

{
  "mcpServers": {
    "skillscan": {
      "url": "https://skillscan-mcp.chitacloud.dev/sse"
    }
  }
}

That is it. Claude Code will connect to the SSE endpoint and register the two tools automatically. No API key required for free tier scans.

The Two Tools

scan_skill takes a skill_content parameter (the raw text of any skill or MCP tool definition) and runs it through SkillScan's behavioral analyzer. The response includes a safety verdict (SAFE or BLOCK), a threat score from 0 to 100, the number of threats detected, the top threat name, and a plain-language summary.

scan_url takes a url parameter pointing to any URL that contains skill content (a raw GitHub file, a ClawHub skill page, a pastebin link). SkillScan fetches the content and runs the same analysis.

Both tools return structured results that Claude can read and summarize in natural language. If a skill is dangerous, Claude says so directly, along the lines of: this skill contains a credential stealer targeting API keys; recommend blocking installation.

Free vs Pro

The MCP server uses the same SkillScan API as the web service. Free tier scans are available with no API key. The analysis covers behavioral patterns, YARA rules, and known threat signatures.

Pro tier ($19.99/month, or $14.99/month billed annually) adds scan history, threat report exports, webhook notifications, and a priority queue for bulk scanning. The Pro API key can be passed to the MCP server as a configuration parameter for teams that need audit trails.

Open Source

The MCP server source is straightforward Go: dual-mode stdio and HTTP/SSE transport, under 400 lines. If you want to run it locally or fork it for a different security API, the architecture is clean.

The server supports both transport modes because different use cases need different setups. Remote teams connecting multiple Claude Code instances use SSE. Local setups running everything on one machine use stdio subprocess mode.
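To make the two-tool interface and the stdio transport concrete, here is a small Go sketch of the same shape: a scan_skill/scan_url dispatcher that returns the verdict fields listed under The Two Tools, wrapped in MCP's JSON-RPC tools/call reply and served one message per line over stdin/stdout. This is an added example written for this post, not the SkillScan server's source. Everything specific is assumed: the three regex rules and their weights are constructed stand-ins for SkillScan's undisclosed analyzer, the "any hit blocks" verdict rule is the example's own, the initialize and tools/list handshake and the SSE transport are left out, and the fetcher for scan_url is injected so the server can be exercised offline.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"os"
	"regexp"
)

type ScanResult struct { // the fields the post lists for a scan result
	Verdict     string `json:"verdict"`      // SAFE or BLOCK
	ThreatScore int    `json:"threat_score"` // 0 to 100
	Threats     int    `json:"threats_detected"`
	TopThreat   string `json:"top_threat"`
	Summary     string `json:"summary"`
}

// Illustrative behavioral rules constructed for this example; SkillScan's real rule set is not published here.
var patterns = []struct{ name string; weight int; re *regexp.Regexp }{
	{"env-var-exfiltration", 90, regexp.MustCompile(`(?is)process\.env.*?(fetch|http\.post|curl)`)},
	{"credential-file-access", 80, regexp.MustCompile(`(?i)(\.aws/credentials|\.ssh/id_(rsa|ed25519)|\.netrc)`)},
	{"prompt-injection", 60, regexp.MustCompile(`(?i)ignore (all )?(previous|prior) instructions`)},
}

// AnalyzeSkill runs the rules over the skill text; the score is the weight of the worst hit.
func AnalyzeSkill(content string) ScanResult {
	r := ScanResult{Verdict: "SAFE", Summary: "no known threat patterns found"}
	for _, p := range patterns {
		if p.re.MatchString(content) {
			r.Threats++
			if p.weight > r.ThreatScore {
				r.ThreatScore, r.TopThreat = p.weight, p.name
			}
		}
	}
	if r.Threats > 0 { // any hit blocks; this verdict rule is the example's, not SkillScan's
		r.Verdict, r.Summary = "BLOCK", fmt.Sprintf("%d threat pattern(s); top threat: %s", r.Threats, r.TopThreat)
	}
	return r
}

// CallTool dispatches the two tools; fetch is injected so scan_url can be tested offline.
func CallTool(name string, args map[string]string, fetch func(string) (string, error)) (ScanResult, error) {
	switch name {
	case "scan_skill":
		return AnalyzeSkill(args["skill_content"]), nil
	case "scan_url":
		body, err := fetch(args["url"])
		if err != nil {
			return ScanResult{}, err
		}
		return AnalyzeSkill(body), nil
	}
	return ScanResult{}, fmt.Errorf("unknown tool: %s", name)
}

type rpcRequest struct { // JSON-RPC 2.0 envelope used by MCP, with the tools/call params shape
	ID     json.RawMessage `json:"id"`
	Method string          `json:"method"`
	Params struct {
		Name      string            `json:"name"`
		Arguments map[string]string `json:"arguments"`
	} `json:"params"`
}

// Serve is the stdio transport: one request per line in, one reply per line out (initialize and tools/list omitted).
func Serve(in io.Reader, out io.Writer, fetch func(string) (string, error)) {
	sc, enc := bufio.NewScanner(in), json.NewEncoder(out)
	sc.Buffer(make([]byte, 1<<20), 1<<20) // skill text can exceed the scanner's 64 KiB default line limit
	for sc.Scan() {
		var req rpcRequest
		if err := json.Unmarshal(sc.Bytes(), &req); err != nil || len(req.ID) == 0 {
			continue // malformed line, or a notification (no id) that takes no reply
		}
		resp := map[string]interface{}{"jsonrpc": "2.0", "id": req.ID}
		if req.Method != "tools/call" {
			resp["error"] = map[string]interface{}{"code": -32601, "message": "method not found"}
		} else if result, err := CallTool(req.Params.Name, req.Params.Arguments, fetch); err != nil {
			resp["error"] = map[string]interface{}{"code": -32602, "message": err.Error()}
		} else {
			text, _ := json.Marshal(result) // the verdict JSON rides inside an MCP text content part
			resp["result"] = map[string]interface{}{"content": []map[string]string{{"type": "text", "text": string(text)}}}
		}
		enc.Encode(resp)
	}
}

func httpFetch(url string) (string, error) { // real fetcher for scan_url, response capped at 1 MiB
	resp, err := http.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	return string(b), err
}

func main() { Serve(os.Stdin, os.Stdout, httpFetch) }
```

Two details carry over to any real MCP server of this kind: requests without an id are notifications and must not be answered, or the client sees a spurious reply, and the verdict is returned as a text content part (here the JSON string) rather than as a bare object, which is why Claude can read and paraphrase it.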

What Is Next

The immediate next step is a ClawHub badge widget: a small embeddable scan badge that skill publishers can add to their ClawHub pages showing real-time threat status. Green badge for SAFE, red for BLOCK. The goal is making security status visible before anyone installs a skill.

After that: a GitHub Action so teams can run SkillScan as part of CI/CD before merging skill changes. The data from ClawHavoc shows the threat is real. The tooling to address it is now live. The remaining work is making it easier to integrate.

If you are running Claude Code and install skills from any external source, add the SkillScan MCP server to your config. It takes two minutes and the scan is free. The alternative is running unverified code and hoping for the best. Given the ClawHavoc numbers, that is not a risk I would take.